{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41327", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-28T16:56:43.366Z", "datePublished": "2023-09-06T20:38:45.161Z", "dateUpdated": "2024-08-02T19:01:33.620Z"}, "containers": {"cna": {"title": "Controlled SSRF through URL in the WireMock", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/wiremock/wiremock/security/advisories/GHSA-hq8w-9w8w-pmx7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/wiremock/wiremock/security/advisories/GHSA-hq8w-9w8w-pmx7"}, {"name": "https://github.com/wiremock/wiremock/releases/tag/3.0.0-beta-15", "tags": ["x_refsource_MISC"], "url": "https://github.com/wiremock/wiremock/releases/tag/3.0.0-beta-15"}, {"name": "https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses", "tags": ["x_refsource_MISC"], "url": "https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses"}], "affected": [{"vendor": "wiremock", "product": "wiremock", "versions": [{"version": " org.wiremock:wiremock-webhooks-extension: >= 2.0.0, < 2.35.1", "status": "affected"}, {"version": " org.wiremock:wiremock-webhooks-extension: >= 3.0.0, < 3.0.3", "status": "affected"}, {"version": " wiremock-studio: All versions", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-06T20:38:45.161Z"}, "descriptions": [{"lang": "en", "value": "WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. \n\nUntil WireMock Webhooks Extension 3.0.0-beta-15, the filtering of target addresses from the proxy mode DID NOT work for Webhooks, so the users were potentially vulnerable regardless of the `limitProxyTargets` settings. Via the WireMock webhooks configuration, POST requests from a webhook might be forwarded to an arbitrary service reachable from WireMock\u2019s instance. For example, If someone is running the WireMock docker Container inside a private cluster, they can trigger internal POST requests against unsecured APIs or even against secure ones by passing a token, discovered using another exploit, via authentication headers. This issue has been addressed in versions 2.35.1 and 3.0.3 of wiremock. Wiremock studio has been discontinued and will not see a fix. Users unable to upgrade should use external firewall rules to define the list of permitted destinations."}], "source": {"advisory": "GHSA-hq8w-9w8w-pmx7", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:01:33.620Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/wiremock/wiremock/security/advisories/GHSA-hq8w-9w8w-pmx7", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/wiremock/wiremock/security/advisories/GHSA-hq8w-9w8w-pmx7"}, {"name": "https://github.com/wiremock/wiremock/releases/tag/3.0.0-beta-15", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/wiremock/wiremock/releases/tag/3.0.0-beta-15"}, {"name": "https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wiremock:studio:*:*:*:*:*:*:*:*", "matchCriteriaId": "94D6D047-97F7-4326-AAF8-09ACB980D549", "versionEndIncluding": "2.32.0-17", "vulnerable": true}, {"criteria": "cpe:2.3:a:wiremock:wiremock:*:*:*:*:*:*:*:*", "matchCriteriaId": "418B9CC0-59C9-4560-9E92-5C0B1D547916", "versionEndExcluding": "2.35.1", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wiremock:wiremock:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E2F15FC-7298-49C1-9C37-6B0AE0C5B272", "versionEndExcluding": "3.0.3", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WireMock is a tool for mocking HTTP services. WireMock can be configured to only permit proxying (and therefore recording) to certain addresses. This is achieved via a list of allowed address rules and a list of denied address rules, where the allowed list is evaluated first. \n\nUntil WireMock Webhooks Extension 3.0.0-beta-15, the filtering of target addresses from the proxy mode DID NOT work for Webhooks, so the users were potentially vulnerable regardless of the `limitProxyTargets` settings. Via the WireMock webhooks configuration, POST requests from a webhook might be forwarded to an arbitrary service reachable from WireMock\u2019s instance. For example, If someone is running the WireMock docker Container inside a private cluster, they can trigger internal POST requests against unsecured APIs or even against secure ones by passing a token, discovered using another exploit, via authentication headers. This issue has been addressed in versions 2.35.1 and 3.0.3 of wiremock. Wiremock studio has been discontinued and will not see a fix. Users unable to upgrade should use external firewall rules to define the list of permitted destinations."}, {"lang": "es", "value": "WireMock es una herramienta para imitar servicios HTTP. WireMock se puede configurar para permitir solo el proxy (y por lo tanto la grabaci\u00f3n) en ciertas direcciones. Esto se logra mediante una lista de reglas de direcciones permitidas y una lista de reglas de direcciones denegadas, donde la lista permitida se eval\u00faa primero. Hasta WireMock Webhooks Extension 3.0.0-beta-15, el filtrado de direcciones de destino desde el modo proxy NO funcionaba para Webhooks, por lo que los usuarios eran potencialmente vulnerables independientemente de la configuraci\u00f3n de `limitProxyTargets`. A trav\u00e9s de la configuraci\u00f3n de los webhooks de WireMock, las solicitudes POST de un webhook pueden reenviarse a un servicio arbitrario accesible desde la instancia de WireMock. Por ejemplo, si alguien ejecuta el contenedor acoplable WireMock dentro de un cl\u00faster privado, puede activar solicitudes POST internas contra APIs no seguras o incluso contra APIs seguras pasando un token, descubierto mediante otro exploit, a trav\u00e9s de encabezados de autenticaci\u00f3n. Este problema se solucion\u00f3 en las versiones 2.35.1 y 3.0.3 de wiremock. Wiremock Studio ha sido descontinuado y no se implementar\u00e1 un parche. Los usuarios que no puedan actualizar deben usar reglas de firewall externas para definir la lista de destinos permitidos."}], "id": "CVE-2023-41327", "lastModified": "2023-09-12T20:43:26.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-09-06T21:15:14.323", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/wiremock/wiremock/releases/tag/3.0.0-beta-15"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/wiremock/wiremock/security/advisories/GHSA-hq8w-9w8w-pmx7"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}